What is eCommerce Fraud and How to Prevent It

The rapid growth in eCommerce has seen an equally rapid growth in eCommerce fraud. With bad actors creating increasingly complex fraud schemes, online retailers need to keep on their toes to prevent becoming the next victim of eCommerce fraud.

But, forearmed is forewarned. In this guide, we set out to examine the most common forms of eCommerce fraud and offer advice on how to protect your online business.

One of the most important steps is understanding the type of fraud risks faced by online retailers. In this first section, we detail the most common types of eCommerce fraud.

Common eCommerce Fraud Types

Fraudsters have created ever more devious forms of defrauding online traders. Knowing the common methods they use is a critical step in any fraud prevention policy.

The list below describes the most common fraud methods deployed against online traders.

Friendly Fraud

Friendly fraud is a definite misnomer! Despite its name, friendly fraud is incredibly common and, unfortunately, it is difficult to guard against. The fraud scheme works like this:

The customer buys the goods or services and pays for the transaction. At this point, everything seems normal, and the seller probably thinks that another satisfied customer has received their goods.

However, whether the customer is satisfied or not, they contact their credit card company and lodge a dispute. Most of the time, they will give one of the following as the reason for the dispute:

• Faulty or damaged goods
• Goods or services not as described
• The work carried out was unsatisfactory

As soon as the customer raises a dispute, they receive a full refund for the goods or services, and it is the seller that is out of pocket.

Tips for Avoiding Friendly Fraud

The first thing to be aware of is that not every such instance constitutes friendly fraud. Many disputes are raised in error, and focusing on the causes of these errors can greatly reduce a trader’s exposure to disputed sales.

Here are some straightforward measures that will reduce disputed sales:

• Don’t oversell or make unrealistic claims about your product or service.
• Use a consistent trading name. Customers are often confused if the name on a statement doesn’t match a recent sale.
• Keep complete records of work carried out in case of a dispute.

Of course, this doesn’t negate instances of genuine fraudulent behavior. But by reducing accidental cashback claims, it allows merchants to separate genuine fraud from legitimate cashback claims.

Goods Returned Fraud

A returns policy is another area that is frequently exploited by fraudsters. There are many ways in which returns can be used to defraud merchants. Some of the most frequently exploited vulnerabilities are detailed below:

• switching – This method sees fraudsters return a damaged but identical item for the one that was purchased.
• Price Arbitrage – Similarly, fraudsters may return a cheaper but similar item to the one they purchased.
• Bricking – This normally applies to electrical items. In this case, the buyer purchases an electrical item such as a laptop. They then strip the items of valuable and resellable components before returning the product.
• Wardrobing – This is incredibly common and, in many ways, similar to friendly fraud. In these instances, the buyer will purchase clothing or footwear that they intend to wear for a short period before returning them for a full refund.

Tips for Avoiding Returns Fraud

This is another difficult fraud to protect against, but again, some simple procedures can drastically reduce a seller’s exposure to this type of fraud.

• Always cross-reference the buyer’s contact details with the original order.
• De-incentify returns by offering credits or tokens instead of cash refunds.
• To protect against bricking returns, weigh all returned electronic goods and compare the results against the expected figure.

Non-delivery fraud

There are about 11.5 million parcels delivered each day in the UK. This equates to 132 parcels being delivered every second of every day. The logistics behind this are staggering, particularly when we consider that many of these are delivered on a “next day” basis.

This leaves plenty of scope for errors, misdeliveries, and – of course – fraud. Claiming that a parcel has not been delivered is another fraud that is difficult to guard against. For starters, trying to discern whether the customer is trying to defraud you or the customer has been a victim of theft is challenging.

The stolen parcel figures for the UK are staggering. According to the Interactive Media in Retail Group (IMRG), there were over a billion parcels stolen in the year up to April 2022. In the same survey, 12% of respondents had a parcel lost or stolen.

Tips for avoiding non-delivery fraud

Collecting proof of delivery is the obvious way to combat non-delivery fraud. While not foolproof, it does radically reduce instances of lost parcels.

Other good practices include working with reputable courier companies and ensuring that photographic evidence of a delivered parcel is taken. These can act as evidence that a claim is illegitimate.

Triangulation Fraud

This is one example of how clever fraudsters can exploit vulnerabilities in systems. This is a relatively new scam, but it is becoming increasingly common. The scam involves three main components:

• The customer (legitimate)
• A legit online store
• A fraudulent online store

Like all successful scams, it is a simple but effective concept (from the scammer’s point of view). It works like this:

1. The genuine customer purchases from an online marketplace such as eBay, Amazon, or Etsy. This is the product that the scammer is pretending to sell.
2. The scammer orders an identical item from a legitimate store using a stolen credit card. The delivery address used is that of the genuine customer, and the customer receives their order unaware that they have been part of a fraud.
3. The genuine owner of the credit card notices the payment and contacts their card provider, who cancels the card and refunds the fraudulent payment. At the expense of the genuine store.
4. The fake seller ignores all attempts at contact or vanishes altogether, along with the original customer’s cash

Tips for avoiding triangulation fraud

Awareness of the mechanisms of this fraud is key here. Here are some of the data points that should raise warning flags:

• Different delivery addresses (particularly with new customers).
• Recurring orders if the same customer suddenly and repeatedly buys a particular item, it could point to fraudulent behavior.
• Incorrect contact details if customers don’t respond to communications then it could be a scam. It obviously isn’t practical to confirm each customer’s contact details, but it is a worthwhile exercise when other warning signs are present.

Fighting Back – Steps all Online Retailers can Take

To conclude, we will look at some easy steps that retailers can take right now to help confirm the veracity of online payments.

1. Make sure the store is Payment Card Industry (PCI) security compliant.
2. Monitor for suspicious activity, there are software solutions that can flag up transactions that fall out with a “safe profile”.
3. Use an address verification service to authenticate the sale.
4. Set purchase limits, or at least include purchase thresholds as a warning flag.
5. Use reputable couriers and return policies that don’t encourage fraud.

The rise of online fraud is not something that should dissuade businesses from online operations. It is human nature since the dawn of time there have always been individuals who operate outside of the law, and steps have always been required to protect the law-abiding public and businesses.

Being aware of the types of common frauds and the warning flags to watch out for, will go a long way to ensure your online store steers clear of fraud.

About the author: Craig Thomson

Craig Thomson started an IT business in Scotland that quickly evolved into a leading supplier of POS and payment systems that covered the West Coast of Scotland. After working in the retail sector for over twenty years, he decided the time was right for semi-retirement when the Covid pandemic hit. He now lives in Spain and still works as a consultant as well as being a prolific blogger on all matters related to payment processing.